•Provide Cybersecurity expertise/guidance on complex Satellite/Space systems.

•Led team to perform ongoing security assessments, penetration tests and security architecture reviews. •Led highly skilled information security engineers, to manage the security vulnerabilities and risks across WB. This includes supporting application/system owners to manage risks and remediate vulnerabilities. •Responsible for developing information security strategies and roadmaps.•Managed the risk and vulnerability team, metrics and reporting for WB application owners, executives and TWIA.•Worked with third party pen testers to perform penetration tests on a regular basis. •Negotiated with all vendors to acquire necessary services on tight budget. •Worked with business stakeholders and architects to develop secure architecture throughout enterprise network. Defense in depth approach taken to greatly increase network security posture. •Developed WB’s current rigorous process for security architecture reviews. This includes evaluating proposed network designs and security controls for all projects for WB. •Performed risk assessment on all network perimeter changes including FW rules. •Managed the security vulnerabilities and risks across WB including identifying, supporting application/system owners to manage risks and remediate vulnerabilities. Provide initial and ongoing security due diligence including network and application penetration testing of internal and relevant third party vendors, systems and solutions.•Provided guidance to internal IT teams and business with goal of enforcing information security policy initiatives through implementation of core security controls. •Drove implementation of core security controls to meet regulatory, commercial and organizational technology compliance requirements across enterprise.

•Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection. Provide subject matter expertise to executive management on a broad range of information security standards and best practices.•Provide strategic and tactical security guidance for key IT projects, including the evaluation and recommendation of technical controls. •Develop and manage information security budgets and monitor them for variances. •Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings and management of outside assessors. •Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources. •Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.•Interpret and translate the various laws, regulations, contracts, and requirements into policies and procedures for RAND Corporation.•Responsible for reviewing and responding to the Information Security components of contracts and grants with RAND’s clients.•Responsible for conducting internal audits and assessments.•Responsible for organizing and working with our internal auditors to ensure comprehensive evaluation of our information security.•Responsible for organizing and overseeing Red Team exercises.•Responsible for developing and delivering the annual information security training program.

•Managed and led Information Security objectives across various Avionics and Navigation system programs. This includes radar, helicopter and jet systems.•Manually built Navigation systems network in lab to test functionality after remediation. •Utilized vulnerability/malware scanners such as Gold Disk and Retina to discover target vulnerabilities on all equipment. Manually applied remediation to all assets. •Also ensured that Security Technical Implementation Guides (STIGs) were being followed and manually applied to system devices as such as routers, switches, Windows and Unix boxes as necessary. Manually configured and secured system components.•Developed information security requirements for Avionics and Navigation systems. •Executed system security development activities under standards such as Federal Information Security Management Act (FISMA) and DoD Information Assurance Certification and Accreditation Process (DIACAP). •Successfully obtained 3 year certification and accreditation (C&A) Approval to Operate (ATO) for various programs. •Developed Cybersecurity strategies and plans, which were executed on a tri-annual basis.•Addressed all known program threats and vulnerabilities. Briefed client on weekly basis on mitigation progress.•Performed daily information security audits of components within the system.•Coordinated threat and vulnerability activities including risk analysis and remediation.•Authored comprehensive vulnerability tracking document. •Developed design requirements and led peer reviews for Information Security products.•Led scoping for Information Security budget estimation efforts on proposal initiatives. Ensured that solutions fit within customer technical, schedule and cost constraints.•Tracked teams’ hours and activities as Cost Accounts Manager.

Booz Allen Hamilton Jan 2005- Oct 2011Senior Project Lead (Information Security) 2009-2011• Led information security initiatives on various ground and air satellite communications systems.• Led team to manually verify FISMA controls. Utilized results to develop risk evaluations, vulnerability mitigation strategies, and cost effective solutions. • Performed trade studies and analyses on emerging Cybersecurity technical solutions such as firewalls, Intrusion Detections Systems (IDSs), and Cross Domain Solutions (CDSs). • Developed and taught Information Security class to entire Space and Missile Center. Class covered topics such as FISMA, NIST Federal Information Processing Standard 140-2, vulnerability mitigation techniques, residual risk evaluation process, and relevant news. Monitored and responded to feedback from all levels of attendees, including program directors.• Collaborated with various Agencies, such as FBI and NSA to analyze Threat data. Researched and analyzed incidents for entry into Threat analysis database. Utilized database for program risk assessments. Briefed progress and findings to senior leadership.

• Led effort that validated and assessed vulnerabilities on large scale Satellite systems. Analyzed system architecture and impact of cutting edge technologies such as cross domain solutions, firewalls and mission planning subsystems. Utilized results to develop comprehensive security posture evaluation and risk mitigation strategy, which clients used to choose most cost effective solution for system.• Developed Cyber Security strategy and training for clients across several programs. Training includes penetration testing and system hardening.

• Led Software Assurance team for large scale satellite system. Developed products including control verification plans and software assurance requirement plans. Plans were rolled into system development and security strategies.• Designed network model and simulation prototypes, which analyzed the flow of internet protocol packets between encryptors and other network components. Results were used to develop system risk mitigation plan

• Programmed and delivered several sophisticated software tools on time with high quality for DoD Space and Naval Warfare (SPAWAR) Center High Assurance Internet Protocol Encryptor (HAIPE) project. Wrote code performing advance cryptographic algorithms and packet assembly/dissection capabilities. • Authored HAIPE technical related documentation such as test plans and concept of operations (CONOPS) whitepapers.

• Wrote scripts in VBS, JS, and Perl for verification of a commercial-grade, Windows-based application. This application served as a tool for embedded software development. This tool saved major micro-chip developers production and operational cost by detecting and correcting flaws in micro-chip prototypes.

• Utilized and designed bioengineering software tools in order to acquire data and investigate the structure of cardiac muscle and the various functions of the heart. Worked very closely with doctors, to create an application that provides insight into patients’ heart condition.

Provide technical support to researchers utilizing Supercomputer Center.